cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-31315,https://securityvulnerability.io/vulnerability/CVE-2023-31315,Potential vulnerability in MSR could lead to arbitrary code execution,"CVE-2023-31315 is a potential vulnerability in AMD's model specific register (MSR) that could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution. The vulnerability affects the majority of AMD processors and has been patched by AMD in the Ryzen 3000 Series desktop processors. It has not been exploited by ransomware groups. Additionally, there are warnings about multiple cloud service provider attacks related to the Black Hat USA conference, and a potential vulnerability in Office that could lead to sensitive data leakage.",Amd,"3rd Gen Amd Epyc™ Processors,1st Gen Amd Epyc™ Processors,2nd Gen Amd Epyc™ Processors,4th Gen Amd Epyc™ Processors,Amd Epyc™ Embedded 3000,Amd Epyc™ Embedded 7002,Amd Epyc™ Embedded 7003,Amd Epyc™ Embedded 9003,Amd Ryzen™ Embedded R1000,Amd Ryzen™ Embedded R2000,Amd Ryzen™ Embedded 5000,Amd Ryzen™ Embedded 7000,Amd Ryzen™ Embedded V1000,Amd Ryzen™ Embedded V2000,Amd Ryzen™ Embedded V3000,Amd Ryzen™ 3000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics,Amd Ryzen™ 7000 Series Desktop Processors,Amd Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ Threadripper™ 3000 Series Processors,Amd Ryzen™ Threadripper™ Pro Processors,Amd Ryzen™ Threadripper™ Pro 3000wx Series Processors,Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics,Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 7030 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 7040 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 7045 Series Mobile Processors,Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7020 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics,Amd Ryzen™ 8000 Series Processors With Radeon™ Graphics",7.5,HIGH,0.0004299999854993075,false,true,false,false,,false,false,2024-08-12T13:38:00.000Z,0
CVE-2024-21980,https://securityvulnerability.io/vulnerability/CVE-2024-21980,Possible Overwrite of Guest Memory or UMC Seed in SNP Firmware,"The vulnerability in AMD's SNP firmware arises from improper restrictions on write operations that could be exploited by a malicious hypervisor. This flaw allows unauthorized write actions, which could lead to overwriting a guest's memory or the UMC seed. Such an attack poses serious risks, including a potential breach of confidentiality and integrity, exposing sensitive information and disrupting system operations. Users of AMD's SNP Firmware are advised to assess their environments for this vulnerability and take appropriate measures to mitigate associated risks.",Amd,"3rd Gen Amd Epyc™ Processors,4th Gen Amd Epyc™ Processors,Amd Epyc™ Embedded 7003,Amd Epyc™ Embedded 9003",7.9,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-08-05T16:06:36.216Z,0
CVE-2024-21978,https://securityvulnerability.io/vulnerability/CVE-2024-21978,Hypervisor Memory Leakage Vulnerability Discovered,"The vulnerability in AMD's SEV-SNP relates to improper input validation, which may be exploited by a malicious hypervisor. This flaw enables unauthorized access to read or overwrite guest memory, potentially resulting in significant data leakage or corruption. System administrators and users of affected products should prioritize reviewing the associated vendor advisory for specific mitigation steps and affected versions.",Amd,"3rd Gen Amd Epyc™ Processors,4th Gen Amd Epyc™ Processors,Amd Epyc™ Embedded 7003,Amd Epyc™ Embedded 9003",7.9,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-08-05T16:05:34.019Z,0
CVE-2023-31355,https://securityvulnerability.io/vulnerability/CVE-2023-31355,Hackers Could Overwrite Memory of Decommissioned Guests Through Improper Write Restrictions,"A security flaw has been identified in AMD's Secure Nested Paging (SNP) firmware, stemming from an improper restriction of write operations. This vulnerability may allow a malicious hypervisor to overwrite a guest's unique memory configuration seed (UMC seed). The potential consequence includes the ability to access sensitive data from memory previously allocated to a decommissioned guest system. Consequently, this issue raises significant concerns regarding the isolation and security of virtualized environments, necessitating immediate attention and remediation.",Amd,"3rd Gen Amd Epyc™ Processors,4th Gen Amd Epyc™ Processors,Amd Epyc™ Embedded 7003,Amd Epyc™ Embedded 9003",6,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-08-05T16:04:24.813Z,0
CVE-2023-20587,https://securityvulnerability.io/vulnerability/CVE-2023-20587,"{""Arbitrary Code Execution Vulnerability in SMM's SPI Flash""}","An improper access control vulnerability in AMD's System Management Mode (SMM) may allow attackers unauthorized access to system components, specifically targeting the Serial Peripheral Interface (SPI) flash. This exploitation can potentially lead to arbitrary code execution, granting attackers elevated privileges and the ability to execute malicious code within the system. It is crucial for users and organizations utilizing AMD products to review their systems and apply necessary mitigations as outlined in AMD's security advisory.",AMD,"3rd Gen AMD EPYC™ Processors,4th Gen AMD EPYC™ Processors,1st Gen AMD EPYC™ Processors,2nd Gen AMD EPYC™ Processors,AMD EPYC(TM) Embedded 3000 ,AMD EPYC(TM) Embedded 7002 ,AMD EPYC(TM) Embedded 7003,AMD EPYC(TM) Embedded 9003",,,0.0004299999854993075,false,false,false,false,,false,false,2024-02-13T19:31:22.706Z,0
CVE-2023-31347,https://securityvulnerability.io/vulnerability/CVE-2023-31347,Guest Integrity at Risk Due to Code Bug in Secure TSC,"A code bug present in the SEV firmware related to the Secure TSC function has been identified, allowing an attacker with elevated privileges to influence the Time Stamp Counter (TSC) perceived by guests when Secure TSC is enabled. This manipulation could lead to a compromised state of guest integrity, potentially impacting the stability and reliability of the virtualized environment.",Amd,"3rd Gen Amd Epyc™ Processors,4th Gen Amd Epyc™ Processors",4.9,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-02-13T19:18:51.045Z,0
CVE-2023-31346,https://securityvulnerability.io/vulnerability/CVE-2023-31346,Privileged Attacker May Access Stale Data from Other Guests via Failure to Initialize Memory,"A vulnerability in AMD's SEV Firmware stems from a failure to properly initialize memory, creating a risk where a privileged attacker can access outdated data belonging to other virtual guests. This issue presents significant security implications for environments utilizing virtualization, as it may compromise the confidentiality of sensitive information processed by other users. Users of affected AMD SEV Firmware must prioritize remediation efforts to safeguard their virtualized workloads.",AMD,"3rd Gen AMD EPYC™ Processors,4th Gen AMD EPYC™ Processors ",6,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-02-13T19:18:19.089Z,0
CVE-2023-20573,https://securityvulnerability.io/vulnerability/CVE-2023-20573,Debug Exception Delivery in Secure Nested Paging,"A vulnerability exists wherein a privileged attacker can interfere with the delivery of debug exceptions to Secure Encrypted Virtualization (SEV) with Secure Nested Paging (SNP) guests. This action may prevent these guests from receiving the necessary debug information, potentially affecting overall system performance and security monitoring. The flaw raises significant concerns regarding the integrity and reliability of debugging processes within affected environments.",AMD,"3rd Gen AMD EPYC™ Processors,4th Gen AMD EPYC™ Processors",3.2,LOW,0.0004299999854993075,false,false,false,true,true,false,false,2024-01-11T13:53:52.581Z,0
CVE-2023-20566,https://securityvulnerability.io/vulnerability/CVE-2023-20566,,Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.,Amd,"3rd Gen Amd Epyc™ Processors,4th Gen Amd Epyc™ Processors,Amd Epyc™ Embedded 7003,Amd Epyc™ Embedded 9003",5.3,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2023-11-14T19:15:00.000Z,0
CVE-2023-20519,https://securityvulnerability.io/vulnerability/CVE-2023-20519,,"A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.












",Amd,"3rd Gen Amd Epyc™ Processors,4th Gen Amd Epyc™ Processors",3.3,LOW,0.0004299999854993075,false,false,false,false,,false,false,2023-11-14T19:15:00.000Z,0
CVE-2022-23830,https://securityvulnerability.io/vulnerability/CVE-2022-23830,,"SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.",Amd,"3rd Gen Amd Epyc™ Processors,4th Gen Amd Epy™ Processors,Amd Epyc™ Embedded 7003",1.9,LOW,0.0006799999973736703,false,false,false,false,,false,false,2023-11-14T18:53:28.408Z,0
CVE-2021-26345,https://securityvulnerability.io/vulnerability/CVE-2021-26345,,Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.,Amd,"2nd Gen Amd Epyc™ Processors,3rd Gen Amd Epyc™ Processors,4th Gen Amd Epyc™ Processors,Amd Epyc™ Embedded 7002,Amd Epyc™ Embedded 7003",1.9,LOW,0.0007300000288523734,false,false,false,false,,false,false,2023-11-14T18:53:20.979Z,0
CVE-2021-46774,https://securityvulnerability.io/vulnerability/CVE-2021-46774,,"Insufficient DRAM address validation in System
Management Unit (SMU) may allow an attacker to read/write from/to an invalid
DRAM address, potentially resulting in denial-of-service.",Amd,"Ryzen™ 3000 Series Desktop Processors “matisse"",Amd Ryzen™ 5000 Series Desktop Processors “vermeer”,Amd Ryzen™ Threadripper™ 3000 Series Processors “castle Peak” Hedt,Amd Ryzen™ Threadripper™ Pro Processors “castle Peak” Ws Sp3,Amd Ryzen™ Threadripper™ Pro 3000wx Series Processors  “chagall” Ws,1st Gen Amd Epyc™ Processors,2nd Gen Amd Epyc™ Processors,3rd Gen Amd Epyc™ Processors,4th Gen Amd Epyc™ Processors,Amd Epyc™ Embedded 3000,Amd Epyc™ Embedded 7002,Amd Epyc™ Embedded 7003,Amd Ryzen™  Embedded 5000",6.7,MEDIUM,0.0010400000028312206,false,false,false,false,,false,false,2023-11-14T18:52:11.012Z,0
CVE-2021-46766,https://securityvulnerability.io/vulnerability/CVE-2021-46766,,"Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.",Amd,"Ryzen™ Threadripper™ Pro 3000wx Series Processors  “chagall” Ws,4th Gen Amd Epyc™ Processors,Amd Epyc™ Embedded 9003",2.5,LOW,0.00044999999227002263,false,false,false,false,,false,false,2023-11-14T18:51:58.036Z,0
CVE-2023-20569,https://securityvulnerability.io/vulnerability/CVE-2023-20569,,"


A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.



















",Amd,"Ryzen™ 3000 Series Desktop Processors,Ryzen™ Pro 3000 Series Desktop Processors,Ryzen™ 3000 Series Desktop Processors With Radeon™ Graphics,Ryzen™ Pro 3000 Series Processors With Radeon™ Vega Graphics,Athlon™ 3000 Series Processors With Radeon™ Graphics,Athlon™ Pro 3000 Series Processors With Radeon™ Vega Graphics,Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics,Ryzen™ Pro 4000 Series Desktop Processors,Ryzen™ 5000 Series Desktop Processors,Ryzen™ 5000 Series Desktop Processors With Radeon™ Graphics,Ryzen™ Pro 5000 Series Desktop Processors,Ryzen™ Threadripper™ 2000 Series Processors,Ryzen™ Threadripper™ 5000 Series Processors,Ryzen™ Threadripper™ 3000 Series Processors,Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics,Ryzen™ 5000 Series Processors With Radeon™ Graphics,Ryzen™ Pro 5000 Series Processors,Ryzen™ 6000 Series Processors With Radeon™ Graphics,Ryzen™ Pro 6000 Series Processors,Ryzen™ 7040 Series Processors With Radeon™ Graphics,Ryzen™ 7000 Series Processors,Ryzen™ 7000 Series Processors With Radeon™ Graphics,1st Gen Amd Epyc™ Processors,2nd Gen Amd Epyc™ Processors,3rd Gen Amd Epyc™  Processors,4th Gen Amd Epyc™  Processors",4.7,MEDIUM,0.000699999975040555,false,false,false,false,,false,false,2023-08-08T18:15:00.000Z,0
CVE-2023-20575,https://securityvulnerability.io/vulnerability/CVE-2023-20575,,"
A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.









",Amd,"1st Gen Amd Epyc™ Processors,2nd Gen Amd Epyc™ Processors,3rd Gen Amd Epyc™ Processors,4th Gen Amd Epyc™ Processors",6.5,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2023-07-11T19:15:00.000Z,0